Use Bitlocker drive encryption for all your data volumes on Vista

Thanks to a comment by Steve Lamb on his blog, I now find out that you can already use Bitlocker to encrypt volumes other than the operating system partition, you just have to do it from the command line.

I was pleasantly surprised to learn this, and it means I don’t have to wait for SP1.

OK, some of you must be thinking I have been hiding under a rock if I did not already know this, but I have found no mention of it in two books on Vista security (by Mark Minasi / Byron Hynes, and Jesper Johansson / Roger Grimes), nor in another fat volume about Vista generally, nor in a tome on Windows command line administration.

On the contrary, there are lots of misleading statements that BitLocker only encrypts the system volume (because they are trying to stress that it does not encrypt the boot volume, I guess). Some even mention that if you use EFS for the additional volumes, and the EFS keys are on the system volume which is BitLocker encrypted, then this is as good as Bitlocking the whole lot anyway. I can see the logic of that, but a little aside to say that you can use BitLocker directly on data volumes would have been helpful.

The Vista Resource Kit, however, does cover it, I now find (starting on page 527). A quick bit of Googling and the right page of the FAQ turned up this:

Will BitLocker encrypt more than just the operating system volume?

BitLocker provides a user interface for the encryption of the entire operating system volume, including Windows system files and the hibernation file. You can optionally use Encrypting File System (EFS) in Windows Vista to protect other volumes. The EFS keys are stored by default in the operating system volume. Therefore, if BitLocker is enabled for the operating system volume, all data that is protected by EFS is also indirectly protected by BitLocker. Additionally, advanced users can encrypt local data volumes using a command-line interface (manage-bde.wsf).

So, a bit of cscript manage-bde.wsf -? and we are on our way. But that’s for another day.
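As an added illustration (not part of the original post, and not Microsoft's documentation), here is the shape of that command-line session on Vista: check the state of a data volume, turn BitLocker on with a recovery password and recovery key file, tie the volume to the already-protected operating system volume via auto-unlock, then verify. The drive letters, the key directory and the switch names are assumptions; confirm the switches against the output of cscript manage-bde.wsf -? on your own machine before running it.

```batch
@echo off
REM Added example, not from the original post: encrypt data volume D:
REM with BitLocker on Vista via manage-bde.wsf and keep recovery material.
REM Assumptions: D: is the data volume, E: is a removable drive that will
REM hold the recovery key file, and the switches below match what
REM "cscript manage-bde.wsf -?" reports on this machine.
setlocal
set VOL=D:
set RKDIR=E:\BitLockerKeys
set MBDE=cscript //nologo %SystemRoot%\System32\manage-bde.wsf

REM 1. Record the current protection state before changing anything.
%MBDE% -status %VOL%

REM 2. Turn BitLocker on for the data volume. -rp generates a 48-digit
REM    recovery password (shown on the console; store it offline),
REM    -rk writes a recovery key file into the given directory.
if not exist "%RKDIR%" mkdir "%RKDIR%"
%MBDE% -on %VOL% -rp -rk "%RKDIR%"
if errorlevel 1 (
    echo Enabling BitLocker on %VOL% failed - see the output above.
    exit /b 1
)

REM 3. Let the BitLocker-protected operating system volume unlock D:
REM    automatically, so the data volume's key is itself guarded by the
REM    OS volume's protection (the relationship the FAQ describes).
%MBDE% -autounlock -enable %VOL%

REM 4. Verify: conversion should be in progress or complete, and the
REM    protector list should show the recovery password and external key.
%MBDE% -status %VOL%
%MBDE% -protectors -get %VOL%
endlocal
```

Encryption of a large volume continues in the background after the -on command returns, so re-run the -status check later to confirm it finished.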


About Adam Vero
I'm a self-confessed geek, IT consultant and trainer. By day I'm the owner of Meteor IT Ltd, a Microsoft Dynamics CRM consultant, Microsoft Certified Trainer and MS Office Master Instructor.
